Re: Handling of entropy during boot

On Wed, Jan 09, 2019 at 09:58:22AM +0100, Stefan Fritsch wrote:
> 
> There have been a number of bug reports and blog posts about this, despite 
> buster not being released yet. So it's not that uncommon.

Pointers, please?  Let's see them and investigate.  The primary issue
I've been aware of to date has been on Fedora systems, and it's due to
some Red Hat specific changes that they made for FEDRAMP compliance
--- and Red Hat has dealt with those issues.

If there are problems for people using Debian Testing, we should
investigate them and understand what is going on.

> > My suggestion is to try and figure out *what* is blocking, and *why*.  If
> > it's because it's something security-critical, such as generating ssh
> > keys, letting things continue even though we don't have secure entropy
> > is a bad, bad, BAD idea.  If it's for something stupid, like
> > generating seeds for Python dictionaries (just as an example; that one
> > has been fixed) then the application should be fixed not to request
> > secure randomness in the first place.
> 
> No, that's utterly wrong. If it's a hassle to use good entropy, people 
> will use gettimeofday() for getting "entropy" and they will use it for 
> security relevant purposes. In this way, you would achieve exactly the 
> opposite of what you want.

If *users* do this, then if they end up releasing credit card numbers
or PII or violate their customers' privacy which brings the EU's GDPR
enforcers down on them, it's on *their* heads.  If *Debian* makes a
local Debian-specific change which causes these really bad outcomes,
then it's on *ours*.

We tried to do this ten years ago, when well-meaning Debian
Developers tried to "fix" OpenSSL's random number library, and it
turned out to be a disaster[1].  So let's be careful not to replicate
past mistakes, eh?

[1] https://www.schneier.com/blog/archives/2008/05/random_number_b.html

> Any program that does secure network connections needs entropy for 
> Diffie-Hellman. And even seeds for hash buckets can be security relevant. 
> You really don't want that people need to distinguish between 
> security-critical and stupid uses of entropy, because they WILL get it 
> wrong.

Sure, this is why developers need to investigate the bugs.  You said
you provided links, but I couldn't find any in your e-mail messages or
earlier ones on this thread.  Perhaps I missed them; in which case, my
apologies.   Can you please send/resend those links?

Can you please prioritize reports from people running Debian Unstable
or Debian Testing?  As I said above, these issues tend to be very
distro specific, especially when distros are messing around with
crypto-related libraries in order to keep the US Government happy.

						- Ted
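The thread keeps returning to two points: find out *what* is blocking at boot and *why*, and do not make good entropy such a hassle that people reach for gettimeofday(). As an added example (not code from this thread or from Debian), here is a small Linux diagnostic in C that probes the kernel CRNG with getrandom(GRND_NONBLOCK) to report whether a blocking consumer would stall at that moment, next to a key-material reader that waits for a seeded pool rather than falling back. It assumes glibc's <sys/random.h> wrapper (glibc 2.25 or later).

```c
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <unistd.h>

/* Outcome of a non-blocking probe of the kernel CRNG. */
enum crng_state { CRNG_READY, CRNG_WOULD_BLOCK, CRNG_UNSUPPORTED, CRNG_ERROR };

/* Request one byte with GRND_NONBLOCK.  EAGAIN means the kernel CRNG is not
 * yet seeded, so a plain getrandom() (or a read of /dev/random) would stall
 * at this point in boot.  The call itself never blocks, so this is safe to
 * run from an early-boot diagnostic to find the consumer that does. */
enum crng_state probe_crng(void)
{
    unsigned char b;
    ssize_t n = getrandom(&b, sizeof b, GRND_NONBLOCK);
    if (n == (ssize_t)sizeof b) return CRNG_READY;
    if (n < 0 && errno == EAGAIN) return CRNG_WOULD_BLOCK;
    if (n < 0 && errno == ENOSYS) return CRNG_UNSUPPORTED;  /* kernel < 3.17 */
    return CRNG_ERROR;
}

/* Key material: wait until the kernel reports a seeded pool.  There is
 * deliberately no gettimeofday()-style fallback; a caller that cannot wait
 * should defer the key generation, not weaken it.  Returns 0 on success. */
int fill_secure(unsigned char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = getrandom(buf, len, 0);
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted by a signal: retry */
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

int main(void)
{
    static const char *names[] = {
        "ready", "would block (a blocking consumer here stalls boot)",
        "unsupported", "error"
    };
    enum crng_state s = probe_crng();
    printf("kernel CRNG: %s\n", names[s]);
    return s == CRNG_READY ? 0 : 1;
}
```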